7 matches found
CVE-2023-0559
The GS Portfolio for Envato WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
WordPress Fancy Product Designer For WooCommerce Cross Site Scripting
About Fancy Product Designer for WooCommerce Fancy Product Designer for WooCommerce is a WordPress plugin which allows users to design custom products in a vendor's WooCommerce store. It is sold through the third-party marketplace "Envato Market" and boasts over 15,000 sales. Stored XSS via SVG...
Open Redirect Bug in Bridge Theme Plugin Opens Admins to Spearphishing
Two open-redirect vulnerabilities in Bridge, a commercial WordPress theme purchased more than 120,000 times, would allow an attacker to mount spearphishing attacks against site administrators. An open redirect vulnerability can be used to hide malicious links behind URLs for legitimate domains. F...
Design/Logic Flaw
An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field. This results in arbitrary code...
PHP Login And User Management 4.1.0 Shell Upload Vulnerability
Exploit for php platform in category web applications Title PHP Login & User Management = 4.1.0 - Arbitrary File Upload CVE-2018-11392 Product PHP Login & User Management https://codecanyon.net/item/php-login-user-management/49008 CVE CVE-2018-11392 Credit Reginald Dodd Description An arbitrary...
PHP Login And User Management 4.1.0 Shell Upload
Title PHP Login & User Management = 4.1.0 - Arbitrary File Upload CVE-2018-11392 Product PHP Login & User Management https://codecanyon.net/item/php-login-user-management/49008 CVE CVE-2018-11392 Credit Reginald Dodd Description An arbitrary file upload vulnerability in /classes/profile.class.php...
WordPress IBPS Online Exam plugin <=1.0 - Authenticated Stored Cross-site scripting (XSS) vulnerability
Authenticated Stored Cross-site scripting XSS vulnerability found in WordPress IBPS Online Exam plugin =1.0 versions by 8bitsec. The attack is possible when logged in as a student. Solution 2017.07.29 - We were unable to find information about patched release of WordPress IBPS Online Exam plugin...